<?php 
	include ("config.inc.php");
	if (is_uploaded_file($_FILES['invoices']['tmp_name'])){
		$c_id           = htmlspecialchars(trim(intval($_POST['c_id'])));
		$title          = htmlspecialchars(trim($_POST['title']));
		$comments       = htmlspecialchars(trim($_POST['comments']));
		$savedir        = "../invoices/";
				
		$extension      = substr($_FILES['invoices']['name'], strrpos($_FILES['invoices']['name'], '.')+1);
		$newfilename    = "invoice_".uniqid($c_id)."";
 		move_uploaded_file($_FILES['invoices']['tmp_name'], $savedir.$newfilename . '.' . $extension);
 		$uploadInvoice  = "INSERT INTO invoices (c_id,comments,file,title,date_added) VALUES ('$c_id','$comments','".$newfilename.".".$extension."','$title',NOW())";
		mysql_query($uploadInvoice) or die(mysql_error());
		echo $extension;
		echo $uploadInvoice;
	}else{
		print "Need to send data for page to work.";
	}
?>

